Compliance Percentage Calculation Logic:
Compliance Percentage = Applicable Compliant Controls / All Applicable Controls
To understand how compliance percentage is calculated, we need to first understand the various statuses and categorization of controls. Note that you can also change the parameters for compliance calculation.
Control Statuses
Controls may display one of the following statuses:
- Compliant: Refer to the conditions for control compliance.
- Non-Compliant: Refer to the conditions for control non-compliance.
- Not Measured: A control is Not Measured when an issue associated with it has been granted an exception. An exception is permission to exclude the control (where the issue is raised) from compliance calculation for a specified amount of time. After that time, the control becomes measurable again.
Controls Categorization
· Applicable Controls are those that are chosen by the client, depending on the frameworks and standards that are applicable to their business. These are marked applicable by the Admin or Compliance manager.
· Not Applicable Controls are those that are pre-loaded on the platform.
· It is mandatory to mark applicable controls with a status of Implemented or Non-Implemented.
Conditions for Control Non-Compliance
A control will be marked non-compliant under the following conditions:
- A task is marked as rejected.
- A task is not submitted or not approved by the end of the applicable frequency period. In such cases, the control will be marked non-compliant for that specific period.
- An issue is past its due date (i.e. overdue). That issue will lead to non-compliance by the end of the frequency period.
Conditions for Control Compliance
A control shall be considered Compliant when all associated tasks are approved and there are no overdue issues.
Compliance Continuity
- Once compliant, the control remains compliant:
  - Until a task is rejected, or
  - Until the control reaches the expiry of the upcoming frequency without task approval.
- This ensures that a control's compliance continues until an active decision is taken that leads to its non-compliance.
Example of a control set to weekly frequency
If a control runs on a weekly frequency starting Jan 1, 2025, here’s how its compliance status is calculated:
- If tasks are completed and approved on Jan 3, 2025, the control becomes Compliant.
- When the next due date (Jan 8, 2025) passes, the control remains Compliant.
- If tasks are completed and approved again between Jan 8–15, the control continues to remain Compliant for the next cycle.
- If no action is taken between Jan 8–15, the control becomes Non-Compliant on Jan 15, 2025 (the next due date).
- If a task is rejected at any point between Jan 8–15, the control becomes Non-Compliant immediately.
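The continuity rule and the percentage formula above can be modelled in a few lines of Python. This is an added example, not COMPASS code: the function names, the dictionary keys and the sample dates are constructed for illustration. It assumes that a period starts on each due date, that a control with no approval yet is Non-Compliant, and that a control under an exception is left out of both the numerator and the denominator.

```python
from datetime import date, timedelta

def control_status(start, period_days, events, as_of):
    """Status of one control on `as_of`, derived from task decisions only.

    events: (date, "approved" | "rejected") pairs. Overdue issues are not modelled.
    """
    # Same-day ties sort "approved" before "rejected", so a rejection wins.
    past = sorted(e for e in events if e[0] <= as_of)
    if not past:
        return "Non-Compliant"  # assumption: no approval yet means non-compliant
    last_day, decision = past[-1]
    if decision == "rejected":
        return "Non-Compliant"  # rejection takes effect immediately
    # An approval in period p keeps the control compliant through period p+1;
    # it lapses on the due date that closes period p+1.
    period = (last_day - start).days // period_days
    lapse = start + timedelta(days=(period + 2) * period_days)
    return "Compliant" if as_of < lapse else "Non-Compliant"

def compliance_percentage(controls):
    """controls: dicts with 'applicable' (bool), 'exception' (bool), 'status'.

    Assumption: a control under an exception (Not Measured) is left out of
    both the numerator and the denominator.
    """
    measured = [c for c in controls if c["applicable"] and not c["exception"]]
    if not measured:
        return None  # nothing to measure, so no percentage
    compliant = sum(c["status"] == "Compliant" for c in measured)
    return 100.0 * compliant / len(measured)

if __name__ == "__main__":
    START = date(2025, 1, 1)  # constructed sample data, weekly frequency
    approved_once = [(date(2025, 1, 3), "approved")]
    rejected_later = approved_once + [(date(2025, 1, 10), "rejected")]
    for day in (date(2025, 1, 8), date(2025, 1, 14), date(2025, 1, 15)):
        print(day, control_status(START, 7, approved_once, day))
    print(date(2025, 1, 10),
          control_status(START, 7, rejected_later, date(2025, 1, 10)))
```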
Changing Parameters for Compliance Calculation
Once you log into COMPASS, the dashboard displays cards, and a set of data grids displays other compliance data points. The Compliance Trends data grid is where you can change the parameters for compliance calculation. Click the filter icon at the top right of the grid and make the appropriate selection.